Compliance testing through sandbox environments

ABSTRACT

A compliance user or auditor is enabled to inject failures into a sandbox environment, which may be similar to a production service. The sandbox environment may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/342,132 filed Nov. 3, 2016, now U.S. Pat. No. 10,379,984, which is acontinuation of U.S. patent application Ser. No. 14/329,854 filed Jul.11, 2014, now U.S. Pat. No. 9,519,557. The entire content of both theseprior-filed applications is incorporated by reference herein.

BACKGROUND

The proliferation of computerized automation of processes in everyaspect of life, data storage and processing have become a majorcomponent of networked systems handling financial and othertransactions. In such systems, data is entered, modified, or deletedfrom a number of sources. The same data is maintained in multiple datastores in same or different formats, and a data store has to pick up orsynchronize changes to data based on changes in a different store.Various data stores from simple tables to complicated databases ismaintained and synchronized as new entries or modifications are made bydifferent sources. The changes are synchronized at regular intervals. Inaddition, variety of services are offered to enable internal andexternal parties' interactivity with the data hosted by the data stores.Consumers of the data as well as providers usually demand certificationsassociated with the services to enable compliance-associated processesbetween the parties.

In maintaining a compliant cloud service, providing proof of complianceto compliance customers is part of the process. The proof may need toinclude a showing that the compliance controls implemented on theservice are actually operating as expected. Conventional systems employan independent third party (an auditor) to collect evidence from asample of service components and test them manually. For example,records from 10% of servers may be collected and examined for anindication of compliance. Due to the scale in cloud services, however,even small samples (e.g., 1% or servers) may mean testing thousands ofobjects. Approaches that provide automated testing in the environment(providing a report of aggregated test results to determine compliance)face the challenge that for customers or auditors, the automation is ablack box—they do not have any reason to trust that it is in facttesting the compliance controls in an effective way.

SUMMARY

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This summary is not intended to exclusively identify keyfeatures or essential features of the claimed subject matter, nor is itintended as an aid in determining the scope of the claimed subjectmatter.

According to some examples, a method executed on a computing device toprovide compliance testing through sandbox environments is described.The method may include enabling injection of a failure mode to a servicethrough an interactive or programmatic user experience managed by amonitoring host; introducing the failure mode to one or more servers ofa sandbox environment; monitoring effects of the introduced failure inthe sandbox environment; and providing feedback associated with themonitored effects of the introduced failure through the interactive orprogrammatic user experience.

These and other features and advantages will be apparent from a readingof the following detailed description and a review of the associateddrawings. It is to be understood that both the foregoing generaldescription and the following detailed description are explanatory anddo not restrict aspects as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a conceptual diagram illustrating an example cloud service,where compliance may be monitored internally or externally (by thirdparties), according to embodiments;

FIG. 2 illustrates an example scheme to test compliance through sandboxenvironment, according to embodiments;

FIG. 3 illustrates two examples of sandbox environments in relation to aproduction environment, according to embodiments;

FIG. 4 is a simplified networked environment, where a system accordingto embodiments may be implemented;

FIG. 5 is a block diagram of an example computing operating environment,where embodiments may be implemented; and

FIG. 6 illustrates a logic flow diagram for a process to providecompliance testing through sandbox environments according toembodiments.

DETAILED DESCRIPTION

As briefly described above, a system according to some embodiments mayallow a compliance user or auditor to inject failures into a sandboxenvironment, which may be similar to a production service. In someexamples, the sandbox environment may be monitored by the sameautomation that watches compliance controls in the production service.As the user injects compliance failures into the sandbox, they maydetect the appropriate alerts fire in the monitoring system, therebygaining trust that the monitoring works as it should. According to otherexamples, a rich user experience may be provided on the monitoring hostthat allows the compliance user or auditor to inject failures into thesandbox in an intuitive way be able to see how a particular injectionwould cause a particular compliance control to fail. A rich reportresulting from the test activities may allow the user or auditor to seehow a failure of a compliance control leads to the expected monitoringalert.

In the following detailed description, references are made to theaccompanying drawings that form a part hereof, and in which are shown byway of illustrations specific embodiments or examples. These aspects maybe combined, other aspects may be utilized, and structural changes maybe made without departing from the spirit or scope of the presentdisclosure. The following detailed description is therefore not to betaken in a limiting sense, and the scope of the present invention isdefined by the appended claims and their equivalents.

While the embodiments will be described in the general context ofprogram modules that execute in conjunction with an application programthat runs on an operating system on a computing device, those skilled inthe art will recognize that aspects may also be implemented incombination with other program modules.

Generally, program modules include routines, programs, components, datastructures, and other types of structures that perform particular tasksor implement particular abstract data types. Moreover, those skilled inthe art will appreciate that embodiments may be practiced with othercomputer system configurations, including hand-held devices,multiprocessor systems, microprocessor-based or programmable consumerelectronics, minicomputers, mainframe computers, and comparablecomputing devices. Embodiments may also be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote memory storage devices.

Embodiments may be implemented as a computer-implemented process(method), a computing system, or as an article of manufacture, such as acomputer program product or computer readable media. The computerprogram product may be a computer storage medium readable by a computersystem and encoding a computer program that comprises instructions forcausing a computer or computing system to perform example process(es).The computer-readable storage medium is a computer-readable memorydevice. The computer-readable storage medium can for example beimplemented via one or more of a volatile computer memory, anon-volatile memory, a hard drive, and a flash drive.

Throughout this specification, the term “platform” may be a combinationof software and hardware components to provide compliance testingthrough sandbox environments in cloud based services. Examples ofplatforms include, but are not limited to, a hosted service executedover a plurality of servers, an application executed on a singlecomputing device, and comparable systems. The term “server” generallyrefers to a computing device executing one or more software programstypically in a networked environment. However, a server may also beimplemented as a virtual server (software programs) executed on one ormore computing devices viewed as a server on the network. More detail onthese technologies and example embodiments may be found in the followingdescription.

FIG. 1 includes a conceptual diagram 100 illustrating an example cloudservice, where compliance may be monitored internally or externally (bythird parties), according to embodiments.

As shown in diagram 100, a server 104, representing a plurality ofservers, may provide cloud services. The cloud services may includevariety of applications including web services, reporting services,financial services, and similar ones. Consumers of the cloud service mayaccess it through client devices such as tablet 108 or smart phone 110.In other configurations, the cloud service may be accessed by a server108 of a consuming entity, which in turn may provide the service to itsclients (users). The server 104 may operate in conjunction with a numberof data storage systems represented by database server 102.

Consumers of the cloud service and/or regulatory authorities may demandcompliance with security, privacy, storage, or other requirements. Somecloud services may provide certification documents associated withprovided services such as storage policy certification, security policycertification, and similar ones. Compliance certification or on-demandproof of compliance may involve monitoring of cloud service operations.A server of the cloud service provider or a server of a third partycertification service (represented by server 112) may monitor cloudservice operations such as service—client communications, data storage,handling of security aspects, etc.

As mentioned above, even small samples of compliance testing may meanburdensome operations on the monitoring side of the system. Automatedcompliance testing aggregating results to determine compliance may notprovide sufficient confidence to consumers or auditors. A systemaccording to embodiments may enable active testing through injection offailures into a sandbox environment, which may be similar to the actualcloud service. The sandbox environment may be monitored by the samesystem(s) that monitor compliance controls in the cloud service. Thus, auser or auditor injecting compliance failures into the sandboxenvironment may detect the alerts in the monitoring system and gaintrust that the monitoring works.

While the example system in FIG. 1 has been described with specificcomponents including a server 104 providing cloud services, embodimentsare not limited to these components or system configurations and can beimplemented with other system configuration employing fewer oradditional components. Furthermore, embodiments are not limited tocompliance, validation, and trust based schemes. The approachesdiscussed here may be applied to any compliance testing process for anyservices provided by an application and/or a server using the principlesdescribed herein.

FIG. 2 illustrates an example scheme to test compliance through sandboxenvironment, according to embodiments.

As shown in diagram 200, customers and/or auditors 212 may learn trustthe compliance monitoring system if they are able to see that forcompliance failures, the monitoring system responds (with alerts,reports, etc.) as they expect. The monitoring automation sub-system 202may include a list of compliance controls 204, 206, and 208 includingdetails on how to automatically test each one. The results of thesetests may be aggregated and provided (e.g., in form of rich reports) bythe monitoring host 210. The monitoring host 210 may present aninteractive or programmatic user experience that may enable the customerand/or auditor 212 to interact with the environment easily andunderstand the impact of his/her changes in terms of the monitoringsystem.

Through their experience with the monitoring host 210, the customerand/or auditor 212 may see which controls are effective, and which arenot. The monitoring system may operate on two or more environmentssimultaneously. For example, multiple sandboxes may be provided fordifferent customers, etc. The production servers 216 may provide thecloud service to customers. The second environment (the trust sandbox214) may include the same configurations and server roles as theproduction servers 216 except for the same scale—it may comprise asmaller set of machines.

In some embodiments, the customer and/or auditor 212 may have privilegedaccess to the trust sandbox 214 and may introduce or inject anycompliance control breaking change they wish. The user experience ofthis server may allow the customer and/or auditor 212 to either changeserver settings directly or to select a pre-packaged control failureinjection from a menu of options (e.g., for users who are nottechnically knowledgeable enough to know what server settings they needto change to create a particular compliance failure). The customerand/or auditor 212 may then look at the compliance monitoring host,which because it is monitoring the controls in the trust sandbox 214 mayregister the failure that the customer and/or auditor 212 expects tosee. Because the monitoring host responds in the same way to the samecontrols in production servers and the trust sandbox, the customerand/or auditor 212 may gain trust in the automation introducing variousfailures in the sandbox, and seeing that the monitoring responds asexpected.

The monitoring host 210 may also perform additional tasks such as riskanalysis, automated audits, etc. in addition to providing a userexperience to the compliance controls and reports based on compliancetesting results.

FIG. 3 illustrates two examples of sandbox environments in relation to aproduction environment, according to embodiments.

As shown in diagram 300, a production environment 302 for a cloudservice may include a number of servers 304. In some embodiments, thesandbox environment 310 may include servers that are separate from theservers of the production environment 302. The servers of the sandboxenvironment 310 may have same or similar configuration, roles, etc. toduplicate introduced failures without the same scale of the productionenvironment, as discussed above. Changes to the production environment302 such as role changes, additional roles, configuration changes, etc.may be reflected in the sandbox environment 310 periodically or uponchange.

In other embodiments, servers 308 among the production servers 304 maybe selected for the sandbox environment 306. These real productionservers acting as the sandbox environment servers may be selected by thecompliance system or by the customer / auditor requesting the compliancemonitoring. In some cases, the selected servers may preserve their rolesand configurations, but be taken off production operations and serverfor compliance testing purposes only. In other cases, the selectedservers may continue to perform a subset of their production tasks, butmeasures may be taken to prevent the compliance testing (introducedfailures) from affecting actual production environment operations.

In further embodiments, the sandbox servers may be real machines(physical servers) or virtual machines (interface). The sandboxinterface may also be a server or an interface.

The example scenarios and schemas in FIGS. 2 and 3 are shown withspecific components, data types, and configurations. Embodiments are notlimited to systems according to these example configurations. Compliancetesting through sandbox environments may be implemented inconfigurations employing fewer or additional components in applicationsand user interfaces. Furthermore, the example schema and componentsshown in FIGS. 2 and 3 and their subcomponents may be implemented in asimilar manner with other values using the principles described herein.

FIG. 4 is an example networked environment, where embodiments may beimplemented. A system providing compliance testing through sandboxenvironments may be implemented via software executed over one or moreservers 414 such as a hosted service. The platform may communicate withclient applications on individual computing devices such as a smartphone 413, a laptop computer 412, or desktop computer 411 (clientdevices') through network(s) 410.

Client applications executed on any of the client devices 411-413 mayfacilitate communications via application(s) executed by servers 414, oron individual server 416. A monitoring application acting a monitoringhost may provide a user experience based on user introduced failures andtest scenarios to the client devices 411-413. The monitoring applicationmay retrieve a component information associated with a status of aservice from a data store maintaining the component information. Themonitoring application may store the updates or additional dataassociated with the component information in data store(s) 419 directlyor through database server 418.

Network(s) 410 may comprise any topology of servers, clients, Internetservice providers, and communication media. A system according toembodiments may have a static or dynamic topology. Network(s) 410 mayinclude secure networks such as an enterprise network, an unsecurenetwork such as a wireless open network, or the Internet. Network(s) 410may also coordinate communication over other networks such as PublicSwitched Telephone Network (PSTN) or cellular networks. Furthermore,network(s) 410 may include short range wireless networks such asBluetooth or similar ones. Network(s) 410 provide communication betweenthe nodes described herein. By way of example, and not limitation,network(s) 410 may include wireless media such as acoustic, RF, infraredand other wireless media.

Many other configurations of computing devices, applications, datasources, and data distribution systems may be employed to providecompliance testing through sandbox environments. Furthermore, thenetworked environments discussed in FIG. 4 are for illustration purposesonly. Embodiments are not limited to the example applications, modules,or processes.

FIG. 5 and the associated discussion are intended to provide a brief,general description of a suitable computing environment in whichembodiments may be implemented. With reference to FIG. 5, a blockdiagram of an example computing operating environment for an applicationaccording to embodiments is illustrated, such as computing device 500.In a basic configuration, computing device 500 may be any computingdevice executing a compliance application according to embodiments andinclude at least one processing unit 502 and system memory 504.Computing device 500 may also include a plurality of processing unitsthat cooperate in executing programs. Depending on the exactconfiguration and type of computing device, the system memory 504 may bevolatile (such as RAM), non-volatile (such as ROM, flash memory, etc.)or some combination of the two. System memory 504 typically includes anoperating system 505 suitable for controlling the operation of theplatform, such as the WINDOWS® operating systems from MICROSOFTCORPORATION of Redmond, Wash. The system memory 504 may also include oneor more software applications such as program modules 506, a monitoringapplication 522, and a compliance module 524.

The monitoring application 522 may automatically generate certificationdocumentation. The monitoring application 522 in conjunction with thecompliance module 524 may allow a compliance user or auditor to injectfailures into a sandbox environment, which may be similar to aproduction service. The sandbox environment may be monitored by the sameautomation that watches compliance controls in the production service.As the user injects compliance failures into the sandbox, they maydetect the appropriate alerts fire in the monitoring system, therebygaining trust that the monitoring works as it should. This basicconfiguration is illustrated in FIG. 5 by those components within dashedline 508.

Computing device 500 may have additional features or functionality. Forexample, the computing device 500 may also include additional datastorage devices (removable and/or non-removable) such as, for example,magnetic disks, optical disks, or tape. Such additional storage isillustrated in FIG. 5 by removable storage 509 and non-removable storage510. Computer readable storage media may include volatile andnonvolatile, removable and non-removable media implemented in any methodor technology for storage of information, such as computer readableinstructions, data structures, program modules, or other data. Systemmemory 504, removable storage 509 and non-removable storage 510 are allexamples of computer readable storage media. Computer readable storagemedia includes, but is not limited to, RAM, ROM, EEPROM, flash memory orother memory technology, CD-ROM, digital versatile disks (DVD) or otheroptical storage, magnetic tape, magnetic disk storage or other magneticstorage devices, or any other medium which can be used to store thedesired information and which can be accessed by computing device 500.Any such computer readable storage media may be part of computing device500. Computing device 500 may also have input device(s) 512 such askeyboard, mouse, pen, voice input device, touch input device, an opticalcapture device for detecting gestures, and comparable input devices.Output device(s) 514 such as a display, speakers, printer, and othertypes of output devices may also be included. These devices are wellknown in the art and need not be discussed at length here.

Computing device 500 may also contain communication connections 516 thatallow the device to communicate with other devices 518, such as over awired or wireless network in a distributed computing environment, asatellite link, a cellular link, a short range network, and comparablemechanisms. Other devices 518 may include computer device(s) thatexecute communication applications, web servers, and comparable devices.Communication connection(s) 516 is one example of communication media.Communication media can include therein computer readable instructions,data structures, program modules, or other data. By way of example, andnot limitation, communication media includes wired media such as a wirednetwork or direct-wired connection, and wireless media such as acoustic,RF, infrared and other wireless media.

Example embodiments also include methods. These methods can beimplemented in any number of ways, including the structures described inthis document. One such way is by machine operations, of devices of thetype described in this document.

Another optional way is for one or more of the individual operations ofthe methods to be performed in conjunction with one or more humanoperators performing some. These human operators need not be collocatedwith each other, but each can be only with a machine that performs aportion of the program.

FIG. 6 illustrates a logic flow diagram for a process to providecompliance testing through sandbox environments according toembodiments. Process 600 may be implemented on a certificationapplication.

Process 600 begins with operation 610, where a customer or and auditormay be enabled to inject a failure mode to a cloud service through aninteractive or programmatic user experience managed by a monitoringhost. At operation 620, the failure mode may be introduced to one ormore servers of a sandbox environment, where the sandbox environment maybe part of the production environment or a separate environment withservers having similar roles, configurations, etc.

At operation 630, effects of the introduced failure in the sandboxenvironment may be monitored by the monitoring host. At operation 640,the monitoring host may provide feedback associated with the monitoredeffects of the introduced failure through the interactive orprogrammatic user experience in form of rich reports or other formats.

The operations included in process 600 are for illustration purposes.Compliance testing through sandbox environments n may be implemented bysimilar processes with fewer or additional steps, as well as indifferent order of operations using the principles described herein.

The above specification, examples and data provide a completedescription of the manufacture and use of the composition of theembodiments. Although the subject matter has been described in languagespecific to structural features and/or methodological acts, it is to beunderstood that the subject matter defined in the appended claims is notnecessarily limited to the specific features or acts described above.Rather, the specific features and acts described above are disclosed asexample forms of implementing the claims and embodiments.

What is claimed is:
 1. A method executed on a computing device, themethod comprising: monitoring a sandbox environment and a productionenvironment of a service using the same monitoring host simultaneously,wherein the sandbox environment includes a server replicating at least aportion of the service of the production environment; receiving, duringoperation of the sandbox environment, a selection of a failure from auser through a user interface managed by the monitoring host; inresponse to receiving the selection from the user, injecting the failureto the server included in the sandbox environment during the operationof the sandbox environment; monitoring an effect of the failure in thesandbox environment using the monitoring host; and providing a reportassociated with the effect of the failure.
 2. The method of claim 1,wherein providing the report associated with the effect of the failureincludes providing a report indicating an alert fired in the monitoringhost in response to the failure.
 3. The method of claim 1, furthercomprising updating the server included in the sandbox environment basedon a change in the production environment.
 4. The method of claim 3,wherein updating the server included in the sandbox environment includesupdating at least one selected from a group consisting of aconfiguration and a role.
 5. The method of claim 3, wherein updating theserver included in the sandbox environment based on the change to theproduction environment includes updating the server included in thesandbox environment based on to at least one selected from a groupconsisting of a configuration change in the production environment, arole change in the production environment, and an addition of a role inthe production environment.
 6. The method of claim 3, wherein updatingthe server included in the sandbox environment includes updating theserver periodically.
 7. The method of claim 3, wherein updating theserver included in the sandbox environment includes update the server inresponse to the change to the production environment.
 8. The method ofclaim 1, further comprising providing the user interface to the user,wherein the user interface includes a list of at least one pre-packagedfailure.
 9. The method of claim 1, further comprising providing feedbackassociated with the effect of the failure, wherein the feedback includesat least one selected from a group consisting of a risk analysis and anautomated audit.
 10. A computing device comprising: a memory deviceconfigured to store a software program; and a processor coupled to thememory device and, via execution of the software program, configured tomonitor a sandbox environment and a production environment of a cloudservice using the same monitoring host simultaneously, wherein thesandbox environment includes a server replicating at least a portion ofthe cloud service of the production environment, receive, duringoperation of the sandbox environment, a selection of a failure from auser through a user interface managed by the monitoring host, inresponse to receiving the selection from the user, inject the failure tothe server of the sandbox environment during the operation of thesandbox environment, monitor an effect of the failure in the sandboxenvironment using the monitoring host, and provide a report associatedwith the effect of the failure.
 11. The computing device of claim 10,wherein the server included in the sandbox environment is taken offproduction operation within the production environment and is configuredto retain, when taken off production operation within the productionenvironment, at least one selected from a group consisting of aconfiguration within the production environment and a role within theproduction environment.
 12. The computing device of claim 11, whereinthe server included in the sandbox environment is configured to refrainfrom performing a production environment task while included in thesandbox environment.
 13. The computing device of claim 11, wherein theserver included in the sandbox environment is configured to perform atleast one production environment task while included in the sandboxenvironment.
 14. The computing device of claim 10, wherein the serverincluded in the sandbox environment is selected from a plurality ofservers based on one selected from a group consisting of randomselection and user input.
 15. The computing device of claim 10, whereinthe processor is further configured to update the server included in thesandbox environment in response to a change to the productionenvironment, wherein the change to the production environment includesat least one selected from a group consisting of a configuration change,a role change, and an addition of a role.
 16. The computing device ofclaim 10, wherein the sandbox environment includes a first number ofsevers less than a second number of servers included in the productionenvironment.
 17. A computer-readable storage medium storing instructionsexecutable by a processor to perform a set of functions, the set offunctions comprising: simultaneously monitoring a server included in aproduction environment of a cloud service and a server included in asandbox environment, the server included in the sandbox environmentreplicating at least a portion of the cloud service; receiving, duringoperation of the sandbox environment, a selection of a failure from auser through a user interface managed by the monitoring host; inresponse to receiving the selection from the user, injecting the failureto the server of the sandbox environment during the operation of thesandbox environment, monitoring an effect of the failure in the sandboxenvironment using the monitoring host; and providing a report associatedwith the effect of the failure.
 18. The computer-readable storage mediumof claim 17, wherein the set of functions further comprises retrievingcomponent information associated with a status of the cloud service froma data store.
 19. The computer-readable storage medium of claim 18,wherein the set of functions further comprises storing an updateassociated with the component information in the data store via leastone selected from a group consisting of directly and through a databaseserver.
 20. The computer-readable storage medium of claim 17, whereinthe server included in the sandbox environment is one selected from agroup consisting of a physical server and a virtual server and whereinthe server included in the production environment is one selected from agroup consisting of a physical server and a virtual server.